I don't know if many of you are aware, but elearnsecurity has a you tube channel! On their channel, they have been gracious enough to give us 1 free pentesting video per week!

So after finding the channel and napping for a few hours (long day at work) I decided to fire them up, take a look at the product. I will state up front, I do not know if the videos are from their PTP course, but they are good either way.

The first video is eLearnSecurity - Sniffing and Cracking with Cain & Abel. The video shows us from start to finish, how to perform ARP Poisoning, sniff passwords off the wire and crack them, all from within a free program, the notorious C&A. Now personally, I have never usd C&A, assuming it to be outdated, and of course, not looking to see its uses.

he first thing we see is a screenshot of the current lab setup, a great idea since I was highly tempted after watching this to fire up the lab and see what I could do. I noted somewhat humorously that the attacking computer is an XP machine, and the victim is BT4 R2... strange, but I understand the need for simplicity.

A few notes on this video. Personally, I prefer to hear an instructor. This video was good quality, and I didnt have a hard time following, but in some videos, it can be an issue, plus instructors often can add additional info about how the attack is being carried out.

I would have liked to known how CAIN scans the network for MAC addresses, is this something that would be commonly detected by IDS/IPS?

We were able to see some password cracking using the 3DES hash from the VNC session, where my question is whether we can specify our own dictionaries or tables to be used. I assume so.

Outside of that, I had no questions that weren't solved with quick wikipedia searches. All in all, good video. 9/10

Video 2 is Building backdoors with msfpayload - Part 1 not much to say here but awesome video. I probably would have shied away from something with building and payload in the same sentence, fearing it would be too advanced, or require coding, but my fears were quickly put at ease.

My only real question with this video was payload delivery, it would be nice to see how we can get the executable on the victim machine. 10/10

All in all, Im suscribed, and I cant wait for the next video. If this is any example of what is in the PTP course, all I have to say is I hope there are plenty of videos.